1414 Commits

Author	SHA1	Message	Date
amammad	6ebdae3bab	Merge branch 'main' into amammad-python-bombs	2023-12-07 13:50:20 +01:00
amammad	2d0067d618	fix some qldocs, change Sink extenstion model, deduct some not necessarily checks :)	2023-12-07 13:45:28 +01:00
Chris Campbell	114b694553	Remove @precision values, correct missing tags	2023-11-16 15:50:41 +00:00
amammad	4283bb7d48	clean up unused vars,fix tests	2023-10-09 23:15:58 +02:00
amammad	9d86e7946c	move library file to experimental lib directory	2023-10-09 23:10:30 +02:00
amammad	1318afdb27	modularize	2023-10-09 23:07:52 +02:00
amammad	3175db226e	upgrade fastAPI remote sources	2023-10-09 20:51:19 +02:00
erik-krogh	4bc4e0845d	delete the deprecated isBarrierGuard predicate from the shared dataflow library, and its uses	2023-10-07 21:48:49 +02:00
Josh Brown	ad86e576a4	autoformat	2023-10-03 13:40:17 -07:00
Josh Brown	b683a3caf8	Merge branch 'main' into jb1/16-cryptography-models-libraries-and-queries-migration	2023-10-04 07:24:29 +11:00
Benjamin Rodes	25203db4e7	Removing 'security' tags from all queries.	2023-09-27 12:43:51 -04:00
Josh Brown	7ad2932b3f	Update SymmetricEncryptionAlgorithms.ql ... Changing metadata to under python namespace	2023-09-21 12:12:16 -07:00
Benjamin Rodes	5fed923af0	Changed python inventory subdirectory structure to add old and new inventory models. Added some example old models.	2023-09-21 12:12:15 -07:00
Benjamin Rodes	50db4fd63e	Moved Cpp into sub directory 'cryptography' instead of crypto. Added python models, inventory, and example alerts.	2023-09-21 12:12:15 -07:00
amammad	6ee5865789	add sources to detect CVE completely	2023-09-07 18:27:40 +10:00
Rasmus Lerchedahl Petersen	55707d395e	Python: Make things compile in their new location ... - Move NoSQL concepts to the non-experimental concepts file - fix references	2023-09-07 09:28:30 +02:00
Rasmus Lerchedahl Petersen	60dc1afbc0	Python: prepare to promote NoSqlInjection ... Mostly move files, preserving authourship. This will not compile.	2023-09-07 09:28:29 +02:00
amammad	bcfc28aae0	add sources to detect CVE completely	2023-09-07 02:02:32 +10:00
Rasmus Wriedt Larsen	e8e8d975e3	Python: Remove all usage of DataFlow2+TaintTracking2 ... (and any higher number as well)	2023-08-28 15:34:19 +02:00
Rasmus Wriedt Larsen	c665c21d83	Python: More style-guide renaming ... Split it into multiple commits to make it easier to review.	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	996364d6ee	Python: Fix naming style guide violations	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	98538d237e	Python: Autoformat	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	5ba8e102eb	Python: Adopt tests to new DataflowQueryTest ... Since we want to know the _sinks_ and not just the flow, we need to expose the config as well :|	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	6961ca5234	Python: Rename to EmailXss	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	6d4491e0a9	Python: Modernize WebAppConstantSecretKey	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	852b01c65d	Python: Move SmtpMessageConfig to new dataflow API	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	d5e2a30e5b	Python: Modernize py/azure-storage/unsafe-client-side-encryption-in-use a bit ... To use consistent naming	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	bfcc194b85	Python: Move experimental paramiko to new dataflow API	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	acd0f2a8fb	Python: Move experimental LDAPInsecureAuth to new dataflow API	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	c6911c2ae0	Python: Move experimental UnicodeBypassValidation to new dataflow API	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	2c06394bf3	Python: Move experimental CookieInjection to new dataflow API	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	2c412707ab	Python: Move experimental CsvInjection to new dataflow API	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	ace1e23c21	Python: Move experimental ClientSuppliedIpUsedInSecurityCheck to new dataflow API	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	d948e103fa	Python: Move experimental HeaderInjection to new dataflow API	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	53e57dad5c	Python: Move experimental InsecureRandomness to new dataflow API	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	3bf2705668	Python: Move experimental TimingAttackAgainstHeaderValue to new dataflow API	2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen	c88a0ccb7c	Python: Move experimental TimingAttackAgainstHash to new dataflow API	2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen	a779547515	Python: Move experimental PossibleTimingAttackAgainstHash to new dataflow API	2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen	8abd3430a2	Python: Move experimental TimingAttackAgainstSensitiveInfo to new dataflow API	2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen	1a4e8d9464	Python: Move experimental PossibleTimingAttackAgainstSensitiveInfo to new dataflow API	2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen	5fd3594f5f	Python: Move TimingAttack.qll to new dataflow API	2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen	5d8329d9c8	Python: Move experimental ZipSlip to new dataflow API	2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen	67cc3a3935	Python: Move experimental ReflectedXSS to new dataflow API	2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen	a0d26741d0	Python: Move experimental TarSlipImprov to new dataflow API	2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen	3cdd875e9f	Python: Move experimental UnsafeUnpack to new dataflow API	2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen	3edb9d1011	Python: Move experimental TokenBuiltFromUUID to new dataflow API	2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen	0f242475f2	Merge branch 'main' into experimental-cleanup	2023-08-28 11:01:22 +02:00
Rasmus Wriedt Larsen	0dca8a5d86	Python: Remove old points-to modeling file ... Since all of this was ported already	2023-08-28 10:40:45 +02:00
Rasmus Wriedt Larsen	39e2b133e9	Python: Fix naming	2023-08-28 10:40:33 +02:00
Rasmus Wriedt Larsen	4c693b4fc3	Python: Port py/xslt-injection to new data-flow	2023-08-17 15:45:07 +02:00